Data Privacy Policy

Please click here to see additional information regarding the collection of personal data

For California residents, please click here for more information regarding the CCPA 

 

The protection of your personal data is important to Röhlig. We always treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

This statement discloses how Röhlig uses personal data on the Internet, what information about users of Röhlig Web sites is collected, and how that information is used, disclosed or otherwise processed.

It also describes how cookies and other technologies can be used in our applications. When you call up our website, you will be informed about the use of cookies. In this context, there is also a reference to this privacy policy.

Please note that Röhlig may, at its sole discretion, periodically modify and update this Privacy Policy. In this case, we will post updated versions of this privacy statement on this and other relevant pages. A revised privacy policy will only apply to data collected after its effective date.

We encourage you to periodically check this page for updated information about our privacy practices. Your continued use of our services following the posting of changes to the Privacy Policy will mean that you accept those changes.

This declaration also applies to the websites of affiliated companies of the Röhlig Group that refer to this declaration. It does not apply to the websites of the Röhlig Group's cooperation partners mentioned on this website.

Status (month/year): 08/2024

I. Name and address of the person responsible

The responsible person within the meaning of the European General Data Protection Regulation (EU-GDPR)  and other national data protection laws of the member states as well as other data protection regulations is the:

Röhlig Logistics GmbH & Co. KG. ("Röhlig")
Am Weser-Terminal 8
28217 Bremen
Germany
Tel: +49 (0) 421 3031-0

II. Address of the Data Protection Officer

Our data protection officer can be reached at the following contact details:

Röhlig Logistics GmbH & Co. KG 
- Data Protection Officer - 
Am Weser-Terminal 8 
28217 Bremen 
Germany
E-Mail: dataprotection@rohlig.com

III. General information on data processing
1. The scope of the processing of personal data

We use your personal information as described in this Privacy Policy to provide you with our services, to respond to your requests, and as permitted or required by law, or to assist in legal or criminal investigations. We may further anonymize and aggregate data collected through this website for statistical purposes in order to expand our product portfolio and improve our services.

2. Hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the host. This may include IP addresses, meta and communication data, website access and other data generated via a website. External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. Our host will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data. We use the following host: PLUTEX GmbH Hermann-Ritter-Str. 110 28197 Bremen.

Data Processing Agreement: We have concluded an Data processing Agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3. With whom do we share your personal information?

We may store or otherwise share your personal data with our affiliates or other trusted business partners who provide services on our behalf, such as for technical support, to evaluate the usefulness of this website for marketing purposes, or for other types of service delivery. We have contracts with these parties to ensure that personal data is processed based on our instructions and in accordance with this Privacy Policy and other appropriate confidentiality and security measures.

Within our group, all affiliated companies are obliged to sign our internal group data protection agreement, which ensures the level of data protection of the GDPR applicable in the European Union for all parties involved. As part of this agreement, each party appoints a Data Protection Appointee and informs the group management of their name and contact details. The group parent company Röhlig Logistics GmbH & Co. KG assumes the task of a central complaints office. In all cases, please contact the data protection officer of Röhlig Logistics GmbH & Co. KG mentioned in section II. If you have contacted another affiliated company of the Röhlig Group in order to exercise your rights as a data subject, in particular for information or correction and deletion of your personal data, the respective company is obliged to forward this request to the group parent company without delay and to provide all necessary information from its sphere of activity without delay.

We disclose your personal information to these parties and other third parties only as necessary to provide services you have requested or authorized, to protect your and our rights, property, or safety, or as required by applicable law, court order, or other governmental regulation, or when such disclosure is otherwise necessary to assist in a legal or criminal investigation or proceeding.

Please note that Röhlig Group companies, as well as government agencies, customers and suppliers to whom we may disclose your personal data, may be located outside your home country, possibly including in countries whose data protection laws may differ from those in the country where you are located. In such cases, we will ensure that appropriate measures are taken to protect your personal data by putting in place appropriate legal mechanisms, such as our internal Group data protection agreement and, in the case of commissioned data processing by third parties, the use of EU standard contractual clauses. A copy of the EU Standard Contractual Clauses can be found at: http://data.europa.eu/eli/dec_impl/2021/914/oj.

4. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 (1) (a) of the EU GDPR serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

5. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or performance of a contract.

6. Access to your personal data by third parties

The collection, processing and use of personal data is carried out by ourselves and - insofar as we have not expressly excluded this - also by other companies of the Röhlig Group (group companies) or external service providers commissioned by us and contractually and legally obligated to data protection. In the latter two cases, we will ensure that group companies and external service providers comply with the relevant legal data protection regulations and the obligations arising from this data protection declaration. In this regard, we are guided by the legal requirements of the EU GDPR, unless stricter legal requirements are applicable and must be observed with priority.

Furthermore, no third party has access to your personal data. We will not sell or otherwise exploit this data. We will only transmit data to competent bodies in response to official or legal requirements and in the event of statutory transmission obligations. This also applies in the case of a court order for transmission. In the event of an official, legal or judicial obligation to transfer data, we will examine in each individual case whether the transfer is in accordance with the principles of the EU GDPR and / or the applicable national law and, if necessary, take legal action.

7. Safety

We have implemented technical and organizational measures to protect your personal data against loss, alteration, theft or access by unauthorized third parties. Our IT systems are designed in such a way that Röhlig Logistics GmbH & Co. KG complies with the requirements of Art. 32 et seq. of the EU GDPR.

8. Deletion and blocking

We will delete your personal data if the business purpose associated with the data has ceased to exist or the relevant statutory data protection rules require this. In the case of consent, we will delete your data after revocation or discontinuation of the purpose of consent.

At your request, we will block personal data in whole or in part, provided that this does not violate an overriding legal interest of Röhlig Logistics GmbH & Co KG in the processing. For this purpose, please inform us to what extent and for how long the blocking should take place. As far as technically possible, you can exclude the processing and use of your data for certain areas in this way.

IV. Provision of the website and creation of log files

a) Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:

  • Information about the type of browser and the version used
  • The user's operating system
  • The user's Internet service provider
  • The user's IP address
  • Date and time of access
  • Websites accessed by the user's system via our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

b) Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) (f) GDPR.

c) Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes are also our legitimate interest in the data processing according to Art. 6 (1) (f) GDPR.

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

e) Possibility of objection and elimination

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

V. Cookies and other technologies

a) Description and scope of data processing

In addition to the previously mentioned data, cookies are used when you use and visit our website. Cookies are small text files that are placed on your terminal device by your browser to store certain information. When a user accesses a website, a cookie may be stored on the user's computer system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly, for security purposes, to facilitate navigation and to display information more effectively. Some elements of our website require that the accessing browser can be identified even after a page change. We also use cookies on our website that enable an analysis of the user's surfing behaviour.

The following data can be transmitted in this way:

Entered search terms
Pageview frequency
Use of website functions

The user data collected in this way is pseudonymised by technical precautions. Therefore, an assignment of the data to the call the user is no longer possible. The data is not stored together with other personal data of the users.

We distinguish the following cookies when using our website:

Essential Cookies

These cookies are necessary to operate the site and temporarily store session data so that the page is displayed correctly. They contain functions without which users cannot use our pages as intended.

Functional Cookies

We use functional cookies to analyse and evaluate the use of our website. The aim is to design our website in such a way that it is optimally customised to your needs. We want to improve both the user-friendliness and the quality of our website and present the products and information of interest to you in a customer-friendly way. This also serves to detect and eliminate errors, to prevent misuse of the website and to avoid downtime. In addition, we occasionally carry out page improvement measures, such as AB testing or by offering specific information on our website functions; cookies are also set here in order to be able to identify returning users anonymously. Occasionally, we carry out additional measurements that record the click behaviour or mouse movements of individual users anonymously on a random basis.

The data collected in this way is anonymised by technical precautions. It is then no longer possible to assign the data to the accessing user. The legal basis for the use of these technical means is Art. 6 (1)(f) GDPR. This also constitutes our legitimate interest in the processing of personal data in accordance with Art. 6 (1)(f) GDPR.

Marketing Cookies

We use marketing cookies to monitor the success of our marketing campaigns. Marketing cookies originate from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create target group-orientated advertising for the user.

In addition, you can adjust your cookie settings yourself at any time and agree or disagree to the use of functional and marketing cookies.

Technologies/Cookies used (as of )

Reset Cookies

b) Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR. 

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) (a) GDPR if the user has given his consent in this regard.

c) The purpose of the data processing

The purpose of using technically necessary cookies is to enable the use of websites. Some functions of our websites cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. The user data collected through technically necessary cookies are not used to create user profiles.

The use of the analysis cookies (performance cookies, marketing cookies and third-party cookies) is for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. They may also be used for the purpose of profiling your interests and displaying relevant advertising on other websites.

d) Duration of storage, possibility of objection and elimination

Cookies are stored on the user's PC and/or mobile device and are transmitted from this to our website. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.

VI. Contact form and e-mail contact
a) Description and scope of data processing

On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and stored. These data are:

  • First Name
  • Last Name
  • Company
  • Country
  • E-Mail/ Subject
  • Message

For the processing of data, reference is made to this data protection declaration in the context of the sending process. 
If contact is offered via an e-mail address provided, the user's personal data transmitted with the e-mail will be stored in this case. The data will not be passed on to third parties. The data is used exclusively for processing the conversation.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR. 

c) Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The processing of your data for purposes other than those mentioned (e.g., for advertising purposes) will only take place with your express consent.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

d) Duration of storage

The data will be deleted as soon as the user revokes his consent or the data is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified.

e) Possibility of objection and elimination

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.

VII. Data processing in the application process and information pursuant to Art. 13 GDPR

We collect and process the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant sends us the relevant application documents, for example by e-mail or via an application portal on the website.

a) The purpose of the data processing

The processing of personal data in the context of applications/ unsolicited applications serves to carry out the application procedure to fill a specific position. You will find your rights in Chapter XI.

b) Legal basis for data processing

The legal basis for the collection and processing of applicant data for a specific position is Art. 88 para. 1 GDPR in conjunction with Art. 26 FDPA. § Section 26 FDPA and for the transmission of your profile to the respective group company advertising the position as well as Art. 6 para. 1 lit. a and f GDPR.

c) Duration of the storage of your data

If an employment contract is concluded, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions If no employment contract is concluded, the application documents will be automatically deleted no later than six months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the data controller or you have given your explicit consent to longer storage in our talent pool. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

VIII. Hyperlinks

Our website may contain hyperlinks, i.e., electronic cross-references, to third-party websites. Since we are not responsible for the contents and the legal conformity with data protection law of the websites of third parties, we ask you to observe the respective data protection declaration on the websites of third parties.

IX. Plugins and Social media

There are links to (external) social media ("social plugins") on our website. The functions assigned to the links, in particular the transmission of information and user data, are not already activated by visiting our website, but only by clicking on the links. After clicking on these links, the plugins of the corresponding media are activated, and your browser establishes a direct connection with their servers.

If you click on links while visiting our website, your user data may be transmitted to the corresponding network and processed by the network. If you click on the links while visiting our website and are logged in to the social network via your personal user account (account) at the same time, the information that you have visited our website may be forwarded to the social network and stored there in connection with your account. To prevent an assignment to your account with the corresponding network, you must log out of your account before clicking on the link.

For the purpose and scope of data collection by the social media and the further processing and use of your data there, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of the relevant network. The respective social network is solely responsible for the data processing that starts when you click on the link.

By integrating the plugins and activating them, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in. This information (including your IP address) may be transmitted by your browser directly to a server of the respective provider and processed there. According to the providers, the providers process personal data of users from EU/EEA countries within the EU. Data of users residing in a country outside the EU/EEA may be processed in the USA or another third country.

If the data within these providers is transferred from servers within the EU/EEA to servers outside the EU/EEA, Röhlig Logistics GmbH & Co. KG has no legal or technical influence on this.

The purpose and scope of the data collection and the further processing and use of the data by the providers as well as your rights in this regard and setting options to protect your privacy can be found in the providers' data protection notices.

If you do not want LinkedIn, YouTube or other channels to assign the data collected via our website directly to your profile in the respective service, you must log out of the respective service before visiting our website.

For further details, please refer to the information in section V Cookies and other technologies.

X. Röhlig booking portal "Get A Quote" / "My Röhlig"

a) Description and scope of data processing

On our booking portal, we offer users of our website the possibility of creating a customer account and using it to initiate, conclude, process and manage fee-based contracts for logistics services with the companies of the Röhlig Group. For this purpose, your consent is obtained, and reference is made to this data protection declaration. The data is entered by the user in an input mask, transmitted to us and stored. The data is passed on in accordance with the conditions described under III. 4. of this data protection declaration. Access by third parties is possible in accordance with the specifications outlined under III. 6 of this data protection declaration.

The following contact data is collected during registration: E-mail address, first and last name, company name, company address, telephone number, fax number. Within the scope of the use of the booking portal, the data of the contract initiation, i.e., the selection of the forwarding services (e.g., goods, place of loading/delivery, delivery time), are stored and processed. These are entered by the user himself. If a contract is then concluded for the provision of transport and logistics services, Section III 4. of this data protection declaration applies.

Automatic decision-making including profiling does not take place in this context.

Live-Chat

You can contact us via the provided chat tool. If you do so, data will be collected, stored and processed in order to answer your input. Please note that when contacting us in this way, you voluntarily provide the data you enter, e.g., your name, E-Mail address and message.

This data is stored by our service provider, https://onereach.ai/, on AWS servers in Germany. All data and communication via the chat tool is encrypted. A processing contract has been concluded with the provider.

b) Legal basis for data processing

The legal basis for the processing of the data is Art. 6 (1) (a) GDPR if the user has given his consent. If the registration serves the fulfilment of a contract, of which the user is a contracting party, or the implementation of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.

c) Purpose of the data processing

Registration is required for viewing and using the booking portal. Data entered by users is primarily stored and processed for the technical administration of the booking portal and processing of contacts and customer enquiries. In addition, the processing takes place for the creation of statistics, for needs-based advertising and for purposes of quality assurance, process optimization and planning security.

d) Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The customer account on the booking portal can be terminated by the user concerned at any time. Until then, the relevant data will be stored without time limit so that the user can access it at any time (e.g., the order history).

e) Possibility of objection and elimination

As a user, you have the option to cancel the registration and thus delete the customer account at any time. A view and/or use of the booking portal is then no longer possible.

You can view and change the data stored about you at any time using your e-mail address and your self-selected password.

Data relating to specific orders will be blocked if the customer account is deleted after the order has been processed (expiry of the warranty period) and deleted after the statutory retention periods have expired.

XI. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the rights listed below vis-à-vis the controller.

1. Right to information

You may request confirmation from the controller as to whether personal data concerning you is being processed by us.

If there is such processing, you can request information from the controller about the following:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for the determination of the storage duration;
  5. the existence of a right to obtain the rectification or erasure of personal data concerning you, a right to obtain the restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. any available information on the origin of the data, if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

2. Right of rectification

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

3. Right to restriction of processing

You may request the restriction of the processing of personal data concerning you under the following conditions:

  1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  3. the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defence of legal claims, or
  4. if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to delete

You may request the controller to delete the personal data concerning you without delay, and the controller is obliged to delete such data without delay, if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  4. The personal data concerning you have been processed unlawfully.
  5. The deletion of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. Personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1), it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

c) Exceptions

The right to erasure does not exist insofar as the processing is necessary:

  1. to exercise the right to freedom of expression and information;
  2. for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) and Art. 9 (3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing, or
  5. for the assertion, exercise or defence of legal claims.

5. Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right against the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:

  1. the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
  2. the processing is carried out with the aid of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1) (e) or (f) GDPR.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

9. Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. is necessary for the conclusion or performance of a contract between you and the controller,
  2. is authorised by legislation of the Union or the Member States to which the controller is subject and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and the legitimate interests of, the data subject, including at least the right to obtain the intervention of a person from the controller, to express his or her point of view and to contest the decision.

10. Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

XII. Notification of data protection incidents

Data protection incidents can be reported at any time at dataprotection@rohlig.com.
A data protection incident means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed by Röhlig or a third party contracted by Röhlig.

XIII. Further data processing

As a matter of principle, we collect and process personal data only insofar as this is necessary for the provision of our services and our activities. After the contractual obligations have been fulfilled, we process this data only after consent has been given. An exception applies in those cases in which it is not possible to obtain consent in advance for actual reasons or the processing of the data is permitted by legal regulations.

In the case of consent, Art. 6 (1) (a) GDPR serves as the legal basis. In the case of processing of personal data which is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR shall form the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR is the legal basis for the processing.

The personal data will be stored until you request us to delete it, revoke your consent to store it or the purpose for processing the data no longer applies (e.g., after a contract has been completely fulfilled). Mandatory legal provisions and retention periods remain unaffected.

XIV. Minors

Persons under the age of 18 should not transmit any personal data to us without the consent of their legal guardians. According to Art. 8 GDPR, children up to 16 years of age may only declare such consents with the consent of their legal guardians. Personal data of minors will not be collected and processed by us unless we are required to do so by law. If we become aware that data has been transmitted to us outside of such a legal obligation without the consent of the parents or other legal guardians, we will delete this data immediately.

XV.  Actuality and validity of this privacy policy

Röhlig reserves the right to amend this data protection declaration at any time and with effect for the future. It is therefore recommended to read this data protection declaration again at regular intervals.